CVE-2023-39914

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-39914
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39914.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-39914
Aliases
Related
Published
2023-09-13T15:15:07Z
Modified
2024-09-18T03:25:05.051601Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.

References

Affected packages

Debian:12 / rust-bcder

Package

Name
rust-bcder
Purl
pkg:deb/debian/rust-bcder?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.6.1-1
0.7.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rust-bcder

Package

Name
rust-bcder
Purl
pkg:deb/debian/rust-bcder?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.7.3-1

Affected versions

0.*

0.6.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}